Security Incidents mailing list archives
Re: SSH attacks?
From: "alann lopes" <alann () ucsd edu>
Date: Sat, 31 Jul 2004 17:21:18 -0700
On Fri, 30 Jul 2004 07:16:52 EDT, M Shirk said:
If possible, change your SSHD port as discussed in which you will avoid any of these types of scans.
On Fri, July 30, 2004 1:51 PM, Valdis.Kletnieks said:
Or even better, use iptables/ipf/whatever to restrict what hosts can connect, if you can. If you know that a connection should only be from within the subnet, throw in a ruleset to allow that, and then a deny for everybody else.
I agree with Valdis... I've found this methodology very useful over the years. And to deal with clients from dynamic IPs, about 5 years ago I wrote a few scripts and a web interface that allows these remote users to register their dynamic IPs by authenticating themselves against a pop server using APOP. The web connection is SSLed. It has worked extremely well for years for both myself and a few other folks here on campus. cheers, alann
Current thread:
- Re: SSH attacks? alann lopes (Aug 01)
- <Possible follow-ups>
- Re: SSH attacks? Jyri Hovila (Aug 01)
- Re: SSH attacks? George Georgalis (Aug 01)
- Re: SSH attacks? Juri Haberland (Aug 01)